Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with customers in more than 80 countries worldwide representing Global 2000 brands. For more information, visit, follow on Twitter

Latest Content From Veracode

Webcast: Understanding The Board’s Perspective On Cybersecurity

by Veracode, Aug 05, 2015

Following the onslaught of high-profile cyberattacks reported in the past twelve to eighteen months, cyber security has become a more frequent topic in board-level conversations. This has created a need for CISOs to better understand board member perceptions and become more effective at communicating their cybersecurity strategies.

How can CISOs respond to these new challenges and pressures? Using data from an NYSE survey of nearly 200 corporate directors, two of the industry’s best-known voices – Andy Ellis, CSO of Akamai and Chris Wysopal, CTO & CISO of Veracode – will discuss how CISOs can elevate the security conversation to a board-level discussion.

During the live-streamed videocast at 12:00 pm on August 26, sponsored by Veracode and moderated by Dark Reading, Wysopal and Ellis will share recommendations based on their own experiences presenting to boards, ongoing conversations with fellow CISOs and the results of the NYSE survey.

Wysopal and Ellis will also discuss key questions such as:

  • What are board members’ biggest fears regarding cyberattacks?
  • Who do board members hold accountable when a major breach does occur at your company?
  • How do board members prefer information be presented about risk posture and strategies?
  • What metrics are most effective for gaining buy-in for your risk reduction strategy?

The world of IT security is changing, both for the CISO and for the business. By examining the survey results, and discussing Wysopal’s and Ellis’s own experiences, you’ll hear practical tips to help make your boardroom security discussions more productive.

If you want to get a first-hand viewpoint on what these changes may mean for your organization and your career, register to watch this special live-streamed videocast!

Webcast: The Fantastic Four: Metrics you can’t ignore when reducing application-layer risk

by Veracode, Jul 13, 2015

You’re starting to get the hang of application security as an organization. Maybe you’re testing a few applications, or a few hundred (or thousand). But you have these nagging thoughts in the back of your mind: Are my applications better or worse than everyone else’s — especially my competitors? How can I convince my software suppliers to move faster? And, how am I going to prove to my management — even to the board — that our appsec program is making a difference?

This webinar will provide an overview of the state of software security across different industry verticals, and talk with security experts from some of the world’s leading organizations on the four metrics they use to benchmark their performance, measure success, report up to the board, and motivate development teams to fix vulnerabilities.

You’ll learn:

  • How your industry compares to others in the quality, threat landscape, and rate of remediation of its applications
  • How your peers are measuring the success of their application security programs
  • What measures organizations can take to reduce risk in their applications

Whitepaper: The New CISO's Tool Kit

by Veracode, Jun 19, 2015

Over the past few years, the view of the CISO as a high-level tactical asset has begun to change. This is in part due to high-profile breaches like Target and Sony, but also because CISOs have evolved their role to help enterprises innovate rather than holding back innovation.

The New CISO's Tool Kit provides insight into how to speak a language business leaders understand, information on becoming the CISO of the future, tips for creating contingency plans for when new vulnerabilities like Heartbleed are exposed, and suggestions for making security a board level discussion, not just a tactical one.

Research Report: The Internet of Things: Security Research Study

by Veracode, Jun 18, 2015

The FTC has warned that cyberattackers could potentially hijack sensitive information recorded by the devices and their mobile apps and cloud services, or could even create physical safety risks for consumers.

The Internet of Things (IoT) affects virtually every industry and domain in our society including our homes, health, hospitals, factories and critical infrastructure as well as our planes, trains and automobiles.

Veracode's research team performed a set of uniform tests across six home automation devices and organized the findings into four different domains: user-facing cloud services, back-end cloud services, mobile application interfaces and device debugging interfaces. The results showed that all but one device exhibited security vulnerabilities across most categories. Read this report to learn why the team considered the findings "unsettling".

Whitepaper: Hacking Exposed - Web and Database Hacking

by Veracode, Jun 18, 2015

Read this classic reference text to get into the cyberattacker's mind and understand the latest attack vectors and web application threats. Download this whitepaper to learn about web application vulnerabilities and hacking techniques; freely-available crawling tools; and countermeasures to protect your web application infrastructure.

Webcast: The Internet of Things, the Software Supply Chain and Cybersecurity

by Veracode, Jun 12, 2015

The number of connected devices is set to explode, with Gartner forecasting it will reach 25 billion by 2020 – of which 250 million will be connected vehicles.

The Internet of Things (IoT) affects virtually every industry and domain in our society including our homes, health, hospitals, factories and critical infrastructure as well as our planes, trains and automobiles.

We’re not just talking about fitness trackers and smart TVs anymore – IoT-enabled devices now include industrial machinery, patient diagnostic machines and corporate door-locking systems.

And this new binding of the digital and physical worlds means that, for the first time in history, cyberattacks can easily traverse from the digital domain to the physical realm and impact our physical assets and safety. This has been shown in numerous hacks on medical devices as well as in the 2014 cyberattack on a German blast furnace.

As enterprises increasingly rely on digital technology to drive their businesses, CISOs and CIOs must begin to understand the direction and critical implications of cybersecurity for the IoT.

Join Dark Reading for a live-streamed videocast featuring two of the industry’s best-known voices: Chris Eng, VP of Research at Veracode and former NSA engineer; and Josh Corman, CTO of Sonatype and former security strategist at Akamai and IBM Internet Security Systems.

You’ll get first-hand insights into key questions such as:

  • How does the scale and complexity of the IoT lead to changes in the way we develop software applications and assess them for risk?
  • As software increasingly becomes assembled from reusable third-party and open source components and frameworks, how do we minimize risk from the software supply chain?
  • What is a basic cybersecurity checklist for developing secure IoT systems (e.g., encryption, authentication, segmentation, patching mechanisms, etc.)?
  • What are other attack surfaces beyond the endpoint device itself (web and mobile apps, back-end cloud services, etc.)?
  • With so many different platforms and protocols, how do you assess the maturity of suppliers in your supply chain?
  • What role should industry standards and government regulations play?

Webcast: Secure Agile & DevOps: How It Gets Done

by Veracode, May 08, 2015

There’s no point trying to ignore the elephant in the room. Everyone knows there’s historically been friction between security professionals and development teams. This isn’t because of inherent animosity, but conflicting priorities. Development needs to ship functioning code on time and within budget. Security needs to manage risks to the organization, including risks introduced by new code. One needs to go as fast as possible; the other needs to keep from smashing through the guardrails and flying off the road.

Further complicating the picture, Agile is now the dominant process for code development, with DevOps emerging as a new framework to help the entire organization be just as agile. These two trends radically alter the way we build, test and secure code. More importantly, DevOps has the potential to mitigate several problems with secure Agile development, helping foster cooperation and reduce integration issues between security, operations and development. As a result, secure development and deployment practices must fit within Agile and DevOps processes, not the other way around.

Moderated by Dark Reading, this live-streaming videocast features two well-known security and development experts: Chris Wysopal, Veracode CISO & CTO, and Adrian Lane, Securosis CTO, who’s also been a CIO and managed development teams.

This videocast is for both security and development professionals who want to understand how Agile- and DevOps-driven development alters security integration, and how to help both teams work together better.

We’ll discuss:

  • Rapid development process evolution, feature prioritization, and how cultural differences can create friction between security and development.
  • Why speed and agility are essential to both sides.
  • How automation and well-defined processes allow security issues to be detected and recovered from earlier in the lifecycle.
  • How to communicate what needs to happen to reduce application-layer risk — without slowing down development or putting developers on the defensive.

Get ready for a lively conversation about pragmatic best practices for embedding security into Agile SDLC and DevOps processes!

Whitepaper: Why Application Security is a Business Imperative

by Veracode, Apr 20, 2015

The harsh reality is that most internally developed applications are not assessed for critical security vulnerabilities such as SQL injection. IDG Research Services recently surveyed top IT and security executives at enterprises across a variety of industries in the U.S., U.K. and Germany to better understand the enterprise security landscape. This paper examines the survey results.

Webcast: The Changing Role of the Chief Information Security Officer: What Every CISO Should Know

by Veracode, Mar 27, 2015

In past years, the job of the enterprise chief information security officer (CISO) was to establish and maintain a security perimeter around corporate data and a strategy for defending it. But today’s CISO is faced with a wide variety of new challenges that the security department has never seen before. While cloud computing, open source, distributed and outsourced software development, bring-your-own-device policies, and other initiatives create “shadow IT” environments that often take control out of the CISO’s hands, the steady barrage of high-volume, high-publicity security breaches in the headlines is putting unprecedented pressures on the CISO’s office. The reality is that today’s CISO is under more scrutiny than ever – including from the board – and yet, he/she has less control over the IT environment than ever before.

How should the CISO – indeed, the entire IT department – respond to these new challenges and pressures? In a special live videocast on Apr. 14, industry experts will discuss these very questions.

In this special videocast sponsored by Veracode and moderated by Dark Reading, two of the IT security industry’s best-known voices – Chris Wysopal, CTO & CISO of Veracode and Jim Nelms, CISO of The Mayo Clinic – will discuss the changing role of the CISO and how the importance of that role is growing within the organization.

You’ll get first-hand insights on the responsibilities and challenges assumed by today’s CISOs, and how today’s IT security departments are adapting to the new pressures being applied by new technology and attackers. You’ll also get some real-life advice on how your organization can respond to these challenges and how to explain your strategy and risk posture to business executives.

The world of IT security is changing, both for the CISO and for the business. If you want to get a first-hand viewpoint on what these changes may mean for your organization, register to watch this special videocast today!

Webcast: Building and Enforcing Mobile Application Security Policy in a BYOD World

by Veracode, Mar 16, 2015

The rapid proliferation and use of personal and work-related mobile applications is one of the reasons a typical large enterprise may have up to 2000 or more unsafe applications installed in their environment. (^1) In fact, a typical user accesses an average of 24.7 mobile applications per month. (^2) Worse yet, traditional approaches taken by security teams, such as manually testing and blacklisting or whitelisting applications, are proving inadequate to keep up with the number of applications and rate of change in the mobile landscape.

Come hear guest Forrester Research analyst Tyler Shields and Veracode mobility expert Theodora Titonis discuss the state of securing BYOD and new approaches to secure enterprises.

In this webinar, you will:

  • Understand the potential risks from unsafe mobile applications
  • Learn common failure points for BYOD initiatives
  • Learn how to use new approaches to keep up with mobile application security

^1: Veracode, "Average Large Enterprise Has More than 2,000 Unsafe Mobile Apps Installed on Employee Devices." March 11, 2015.
^2: Shields, Tyler. "The Future of Mobile Security: Securing the Mobile Moment." Forrester Research, February 17, 2015, p. 2.